The Week in Ransomware – October 12th 2018

Lots of Scarab, Matrix, and Dharma variants this week as well as some good writeups on the GandCrab ransomware. Also of interest is the report published by ESET that ties NotPetya and Industroyer to the TeleBots Group.

October 8th 2018

Michael Gillespie found a new Matrix Ransomware variant, uploaded to ID Ransomware, that appends the .GMAN extension and drops a ransom note named !README_GMAN!.rtf. Michael also found a variant that appends .EMAN50 and drops a note named #README_EMAN50#.rtf.

Michael Gillespie found a new ransomware, possibly a Scarab variant, that appends the .qweuirtksd extension to encrypted files and drops a ransom note named !!!ReadMeToDecrypt.txt. There are victims on internetnewsblog.

The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will examine the latest version and how the authors have improved the code (and in some cases have made mistakes).